As a matter of fact some time ago I built a proof of concept version of ModSecurity in Java. In some respects it is better than the original (eg more modular, supports stateful actions). The good thing about Java is that request filters are a part of the core Servlet specification, therefore ModSecurity/Java works on all Java Web servers equally.

Because there was very little interest for a Java version of ModSecurity I never posted it on the site. Eventually, I probably will, but at the moment I am still adding features to the original.